| <?xml version="1.0"?> |
| <!--
|
| link:../matter-defines.adoc[]
|
|
|
| Copyright (C) Connectivity Standards Alliance (2021). All rights reserved.
|
| The information within this document is the property of the Connectivity
|
| Standards Alliance and its use and disclosure are restricted, except as
|
| expressly set forth herein.
|
|
|
| Connectivity Standards Alliance hereby grants you a fully-paid, non-exclusive,
|
| nontransferable, worldwide, limited and revocable license (without the right to
|
| sublicense), under Connectivity Standards Alliance's applicable copyright
|
| rights, to view, download, save, reproduce and use the document solely for your
|
| own internal purposes and in accordance with the terms of the license set forth
|
| herein. This license does not authorize you to, and you expressly warrant that
|
| you shall not: (a) permit others (outside your organization) to use this
|
| document; (b) post or publish this document; (c) modify, adapt, translate, or
|
| otherwise change this document in any manner or create any derivative work
|
| based on this document; (d) remove or modify any notice or label on this
|
| document, including this Copyright Notice, License and Disclaimer. The
|
| Connectivity Standards Alliance does not grant you any license hereunder other
|
| than as expressly stated herein.
|
|
|
| Elements of this document may be subject to third party intellectual property
|
| rights, including without limitation, patent, copyright or trademark rights,
|
| and any such third party may or may not be a member of the Connectivity
|
| Standards Alliance. Connectivity Standards Alliance members grant other
|
| Connectivity Standards Alliance members certain intellectual property rights as
|
| set forth in the Connectivity Standards Alliance IPR Policy. Connectivity
|
| Standards Alliance members do not grant you any rights under this license. The
|
| Connectivity Standards Alliance is not responsible for, and shall not be held
|
| responsible in any manner for, identifying or failing to identify any or all
|
| such third party intellectual property rights. Please visit www.csa-iot.org for
|
| more information on how to become a member of the Connectivity Standards
|
| Alliance.
|
|
|
| This document and the information contained herein are provided on an “AS IS”
|
| basis and the Connectivity Standards Alliance DISCLAIMS ALL WARRANTIES EXPRESS
|
| OR IMPLIED, INCLUDING BUT NOT LIMITED TO (A) ANY WARRANTY THAT THE USE OF THE
|
| INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OF THIRD PARTIES (INCLUDING
|
| WITHOUT LIMITATION ANY INTELLECTUAL PROPERTY RIGHTS INCLUDING PATENT, COPYRIGHT
|
| OR TRADEMARK RIGHTS); OR (B) ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS
|
| FOR A PARTICULAR PURPOSE, TITLE OR NONINFRINGEMENT. IN NO EVENT WILL THE
|
| CONNECTIVITY STANDARDS ALLIANCE BE LIABLE FOR ANY LOSS OF PROFITS, LOSS OF
|
| BUSINESS, LOSS OF USE OF DATA, INTERRUPTION OF BUSINESS, OR FOR ANY OTHER
|
| DIRECT, INDIRECT, SPECIAL OR EXEMPLARY, INCIDENTAL, PUNITIVE OR CONSEQUENTIAL
|
| DAMAGES OF ANY KIND, IN CONTRACT OR IN TORT, IN CONNECTION WITH THIS DOCUMENT
|
| OR THE INFORMATION CONTAINED HEREIN, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
|
| LOSS OR DAMAGE.
|
|
|
| All company, brand and product names in this document may be trademarks that
|
| are the sole property of their respective owners.
|
|
|
| This notice and disclaimer must be included on all copies of this document.
|
|
|
| Connectivity Standards Alliance
|
| 508 Second Street, Suite 206
|
| Davis, CA 95616, USA
|
| --> |
| <cluster xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="types types.xsd cluster cluster.xsd" id="0x003e" name="Operational Credentials" revision="1"> |
| <revisionHistory> |
| <revision revision="1" summary="Initial Release"/> |
| </revisionHistory> |
| <classification hierarchy="base" role="utility" picsCode="OPCREDS" scope="Node"/> |
| <dataTypes> |
| <number name="Attestation Elements" type=""/> |
| <number name="Attestation Information" type=""/> |
| <number name="NOCSR Elements" type=""/> |
| <number name="NOCSR Information" type=""/> |
| <number name="RESP_MAX Constant" type=""/> |
| <enum name="CertificateChainTypeEnum"> |
| <item value="1" name="DACCertificate" summary="Request the DER-encoded DAC certificate"> |
| <mandatoryConform/> |
| </item> |
| <item value="2" name="PAICertificate" summary="Request the DER-encoded PAI certificate"> |
| <mandatoryConform/> |
| </item> |
| </enum> |
| <enum name="NodeOperationalCertStatusEnum"> |
| <item value="0" name="OK" summary="OK, no error"> |
| <mandatoryConform/> |
| </item> |
| <item value="1" name="InvalidPublicKey" summary="[[ref_InvalidPublicKey]] Public Key in the NOC does not match the public key in the NOCSR"> |
| <mandatoryConform/> |
| </item> |
| <item value="2" name="InvalidNodeOpId" summary="[[ref_InvalidOperationalId]] The Node Operational ID in the NOC is not formatted correctly."> |
| <mandatoryConform/> |
| </item> |
| <item value="3" name="InvalidNOC" summary="[[ref_InvalidNoc]] Any other validation error in NOC chain"> |
| <mandatoryConform/> |
| </item> |
| <item value="4" name="MissingCsr" summary="[[ref_MissingCsr]] No record of prior CSR for which this NOC could match"> |
| <mandatoryConform/> |
| </item> |
| <item value="5" name="TableFull" summary="[[ref_TableFull]] NOCs table full, cannot add another one"> |
| <mandatoryConform/> |
| </item> |
| <item value="6" name="InvalidAdminSubject" summary="[[ref_InvalidAdminSubject]] Invalid CaseAdminSubject field for an AddNOC command."> |
| <mandatoryConform/> |
| </item> |
| <item value="7" summary="Reserved for future use"> |
| <mandatoryConform/> |
| </item> |
| <item value="8" summary="Reserved for future use"> |
| <mandatoryConform/> |
| </item> |
| <item value="9" name="FabricConflict" summary="[[ref_FabricConflict]] Trying to AddNOC instead of UpdateNOC against an existing Fabric."> |
| <mandatoryConform/> |
| </item> |
| <item value="10" name="LabelConflict" summary="[[ref_LabelConflict]] Label already exists on another Fabric."> |
| <mandatoryConform/> |
| </item> |
| <item value="11" name="InvalidFabricIndex" summary="[[ref_InvalidFabricIndex]] FabricIndex argument is invalid."> |
| <mandatoryConform/> |
| </item> |
| </enum> |
| <struct name="FabricDescriptorStruct"> |
| <field id="1" name="RootPublicKey" type="<<ref_DataTypeOctstr>>"> |
| <mandatoryConform/> |
| <constraint type="allowed" value="65"/> |
| </field> |
| <field id="2" name="VendorID" type="<<ref_DataTypeVendorId>>"> |
| <mandatoryConform/> |
| <constraint type="desc"/> |
| </field> |
| <field id="3" name="FabricID" type="fabric-id"> |
| <mandatoryConform/> |
| </field> |
| <field id="4" name="NodeID" type="node-id"> |
| <mandatoryConform/> |
| </field> |
| <field id="5" name="Label" type="string" default="""> |
| <mandatoryConform/> |
| <constraint type="maxLength" value="32"/> |
| </field> |
| </struct> |
| <struct name="NOCStruct"> |
| <field id="1" name="NOC" type="<<ref_DataTypeOctstr>>"> |
| <access fabricSensitive="true"/> |
| <mandatoryConform/> |
| <constraint type="max" value="400"/> |
| </field> |
| <field id="2" name="ICAC" type="<<ref_DataTypeOctstr>>"> |
| <access fabricSensitive="true"/> |
| <quality nullable="true"/> |
| <mandatoryConform/> |
| <constraint type="max" value="400"/> |
| </field> |
| </struct> |
| </dataTypes> |
| <attributes> |
| <attribute id="0x0000" name="NOCs" type="<<ref_DataTypeList>>[NOCStruct Type]"> |
| <access read="true" readPrivilege="admin"/> |
| <quality changeOmitted="true" nullable="false" scene="false" persistence="nonVolatile" reportable="false"/> |
| <mandatoryConform/> |
| <constraint type="max" value="SupportedFabrics"/> |
| </attribute> |
| <attribute id="0x0001" name="Fabrics" type="<<ref_DataTypeList>>[FabricDescriptorStruct Type]"> |
| <access read="true" readPrivilege="view"/> |
| <quality changeOmitted="false" nullable="false" scene="false" persistence="nonVolatile" reportable="false"/> |
| <mandatoryConform/> |
| <constraint type="max" value="SupportedFabrics"/> |
| </attribute> |
| <attribute id="0x0002" name="SupportedFabrics" type="uint8"> |
| <access read="true" readPrivilege="view"/> |
| <quality changeOmitted="false" nullable="false" scene="false" persistence="fixed" reportable="false"/> |
| <mandatoryConform/> |
| <constraint type="between" from="5" to="254"/> |
| </attribute> |
| <attribute id="0x0003" name="CommissionedFabrics" type="uint8"> |
| <access read="true" readPrivilege="view"/> |
| <quality changeOmitted="false" nullable="false" scene="false" persistence="nonVolatile" reportable="false"/> |
| <mandatoryConform/> |
| <constraint type="max" value="SupportedFabrics"/> |
| </attribute> |
| <attribute id="0x0004" name="TrustedRootCertificates" type="<<ref_DataTypeList>>[<<ref_DataTypeOctstr>>]"> |
| <access read="true" readPrivilege="view"/> |
| <quality changeOmitted="true" nullable="false" scene="false" persistence="nonVolatile" reportable="false"/> |
| <mandatoryConform/> |
| </attribute> |
| <attribute id="0x0005" name="CurrentFabricIndex" type="uint8" default="0"> |
| <access read="true" readPrivilege="view"/> |
| <mandatoryConform/> |
| </attribute> |
| </attributes> |
| <commands> |
| <command id="0x00" name="AttestationRequest" response="AttestationResponse"> |
| <access invokePrivilege="admin"/> |
| <mandatoryConform/> |
| <field id="0" name="AttestationNonce" type="octets"> |
| <mandatoryConform/> |
| <constraint type="maxLength" value="32"/> |
| </field> |
| </command> |
| <command id="0x01" name="AttestationResponse" direction="responseFromServer"> |
| <access invokePrivilege="operate"/> |
| <mandatoryConform/> |
| <field id="0" name="AttestationElements" type="octets"> |
| <mandatoryConform/> |
| <constraint type="maxLength" value="RESP_MAX"/> |
| </field> |
| <field id="1" name="AttestationSignature" type="octets"> |
| <mandatoryConform/> |
| <constraint type="maxLength" value="64"/> |
| </field> |
| </command> |
| <command id="0x02" name="CertificateChainRequest" response="CertificateChainResponse"> |
| <access invokePrivilege="admin"/> |
| <mandatoryConform/> |
| <field id="0" name="CertificateType" type="CertificateChainTypeEnum"> |
| <mandatoryConform/> |
| <constraint type="desc"/> |
| </field> |
| </command> |
| <command id="0x03" name="CertificateChainResponse" direction="responseFromServer"> |
| <access invokePrivilege="operate"/> |
| <mandatoryConform/> |
| <field id="0" name="Certificate" type="octets"> |
| <mandatoryConform/> |
| <constraint type="maxLength" value="600"/> |
| </field> |
| </command> |
| <command id="0x04" name="CSRRequest" response="CSRResponse"> |
| <access invokePrivilege="admin"/> |
| <mandatoryConform/> |
| <field id="0" name="CSRNonce" type="octets"> |
| <mandatoryConform/> |
| <constraint type="maxLength" value="32"/> |
| </field> |
| <field id="1" name="IsForUpdateNOC" type="bool" default="false"> |
| <optionalConform/> |
| </field> |
| </command> |
| <command id="0x05" name="CSRResponse" direction="responseFromServer"> |
| <access invokePrivilege="operate"/> |
| <mandatoryConform/> |
| <field id="0" name="NOCSRElements" type="octets"> |
| <mandatoryConform/> |
| <constraint type="maxLength" value="RESP_MAX"/> |
| </field> |
| <field id="1" name="AttestationSignature" type="octets"> |
| <mandatoryConform/> |
| <constraint type="maxLength" value="64"/> |
| </field> |
| </command> |
| <command id="0x06" name="AddNOC" response="NOCResponse"> |
| <access invokePrivilege="admin"/> |
| <mandatoryConform/> |
| <field id="0" name="NOCValue" type="<<ref_DataTypeOctstr>>"> |
| <mandatoryConform/> |
| <constraint type="max" value="400"/> |
| </field> |
| <field id="1" name="ICACValue" type="<<ref_DataTypeOctstr>>"> |
| <optionalConform/> |
| <constraint type="max" value="400"/> |
| </field> |
| <field id="2" name="IPKValue" type="<<ref_DataTypeOctstr>>"> |
| <mandatoryConform/> |
| <constraint type="allowed" value="16"/> |
| </field> |
| <field id="3" name="CaseAdminSubject" type="<<SubjectID>>"> |
| <mandatoryConform/> |
| </field> |
| <field id="4" name="AdminVendorId" type="<<ref_DataTypeVendorId>>"> |
| <mandatoryConform/> |
| </field> |
| </command> |
| <command id="0x07" name="UpdateNOC" response="NOCResponse"> |
| <access invokePrivilege="admin" fabricScoped="true"/> |
| <mandatoryConform/> |
| <field id="0" name="NOCValue" type="octets"> |
| <mandatoryConform/> |
| <constraint type="maxLength" value="400"/> |
| </field> |
| <field id="1" name="ICACValue" type="octets"> |
| <optionalConform/> |
| <constraint type="maxLength" value="400"/> |
| </field> |
| </command> |
| <command id="0x08" name="NOCResponse" direction="responseFromServer"> |
| <access invokePrivilege="operate"/> |
| <mandatoryConform/> |
| <field id="0" name="StatusCode" type="NodeOperationalCertStatusEnum"> |
| <mandatoryConform/> |
| </field> |
| <field id="1" name="FabricIndex" type="fabric-idx"> |
| <optionalConform/> |
| <constraint type="between" from="1" to="254"/> |
| </field> |
| <field id="2" name="DebugText" type="string"> |
| <optionalConform/> |
| <constraint type="maxLength" value="128"/> |
| </field> |
| </command> |
| <command id="0x09" name="UpdateFabricLabel" response="NOCResponse"> |
| <access invokePrivilege="admin" fabricScoped="true"/> |
| <mandatoryConform/> |
| <field id="0" name="Label" type="string"> |
| <mandatoryConform/> |
| <constraint type="maxLength" value="32"/> |
| </field> |
| </command> |
| <command id="0x0a" name="RemoveFabric" response="NOCResponse"> |
| <access invokePrivilege="admin"/> |
| <mandatoryConform/> |
| <field id="0" name="FabricIndex" type="fabric-idx"> |
| <mandatoryConform/> |
| <constraint type="between" from="1" to="254"/> |
| </field> |
| </command> |
| <command id="0x0b" name="AddTrustedRootCertificate" response="Y"> |
| <access invokePrivilege="admin"/> |
| <mandatoryConform/> |
| <field id="0" name="RootCACertificate" type="<<ref_DataTypeOctstr>>"> |
| <mandatoryConform/> |
| <constraint type="max" value="400"/> |
| </field> |
| </command> |
| </commands> |
| </cluster> |